curl / Docs / Vulnerability table / 5.8 vulnerabilities

Vulnerabilities in curl 5.8

curl version 5.8 was released on May 5 1999. The following 11 security problems are known to exist in this version.

Flaw	From version	To and including	CVE	CWE
control code in cookie denial of service	4.9	7.84.0	CVE-2022-35252	CWE-1286: Improper Validation of Syntactic Correctness of Input
Auth/cookie leak on redirect	4.9	7.82.0	CVE-2022-27776	CWE-522: Insufficiently Protected Credentials
Credential leak on redirect	4.9	7.82.0	CVE-2022-27774	CWE-522: Insufficiently Protected Credentials
trusting FTP PASV responses	4.0	7.73.0	CVE-2020-8284	CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
printf floating point buffer overflow	5.4	7.51.0	CVE-2016-9586	CWE-121: Stack-based Buffer Overflow
cookie injection for other servers	4.9	7.50.3	CVE-2016-8615	CWE-187: Partial Comparison
double-free in curl_maprintf	5.4	7.50.3	CVE-2016-8618	CWE-415: Double Free
TLS session resumption client cert bypass	5.0	7.50.0	CVE-2016-5419	CWE-305: Authentication Bypass by Primary Weakness
sensitive HTTP server headers also sent to proxies	4.0	7.42.0	CVE-2015-3153	CWE-201: Information Exposure Through Sent Data
cookie leak with IP address as domain	4.0	7.37.1	CVE-2014-3613	CWE-201: Information Exposure Through Sent Data
Proxy Authentication Header Information Leakage	4.5	7.10.6	CVE-2003-1605	CWE-201: Information Exposure Through Sent Data